Document decoding of ephemeral_key from epk
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
parent
2120658d5d
commit
83074b2628
|
@ -112,6 +112,10 @@ class TransmittedNoteCipherText(object):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
shared_secret = OrchardKeyAgreement.agree(ivk, epk)
|
shared_secret = OrchardKeyAgreement.agree(ivk, epk)
|
||||||
|
# The protocol spec says to take `ephemeral_key` as input to decryption
|
||||||
|
# and to decode epk from it. That is required for consensus compatibility
|
||||||
|
# in Sapling decryption before ZIP 216, but the reverse is okay here
|
||||||
|
# because Pallas points have no non-canonical encodings.
|
||||||
ephemeral_key = bytes(epk)
|
ephemeral_key = bytes(epk)
|
||||||
k_enc = kdf_orchard(shared_secret, ephemeral_key)
|
k_enc = kdf_orchard(shared_secret, ephemeral_key)
|
||||||
p_enc = OrchardSym.decrypt(k_enc, self.c_enc)
|
p_enc = OrchardSym.decrypt(k_enc, self.c_enc)
|
||||||
|
@ -144,6 +148,10 @@ class TransmittedNoteCipherText(object):
|
||||||
return (note, np.memo)
|
return (note, np.memo)
|
||||||
|
|
||||||
def decrypt_using_ovk(self, ovk, rseed, rho, cv, cm_star):
|
def decrypt_using_ovk(self, ovk, rseed, rho, cv, cm_star):
|
||||||
|
# The protocol spec says to take `ephemeral_key` as input to decryption
|
||||||
|
# and to decode epk from it. That is required for consensus compatibility
|
||||||
|
# in Sapling decryption before ZIP 216, but the reverse is okay here
|
||||||
|
# because Pallas points have no non-canonical encodings.
|
||||||
ock = prf_ock_orchard(ovk, bytes(cv), bytes(cm_star.extract()), bytes(self.epk))
|
ock = prf_ock_orchard(ovk, bytes(cv), bytes(cm_star.extract()), bytes(self.epk))
|
||||||
op = OrchardSym.decrypt(ock, self.c_out)
|
op = OrchardSym.decrypt(ock, self.c_out)
|
||||||
if op is None:
|
if op is None:
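Review bot: The new comment in `decrypt_using_ivk` (first hunk) says "the reverse is okay here" without saying what the reverse is, and the same four lines are repeated verbatim in `decrypt_using_ovk` (second hunk) above a `prf_ock_orchard` call where `bytes(self.epk)` is passed inline, so a reader has to work out that this argument is the `ephemeral_key` the comment refers to. I would make the comment self-contained by spelling out that the code encodes `epk` to obtain `ephemeral_key` instead of decoding `epk` from a transmitted `ephemeral_key`, and that this is only equivalent because, with no non-canonical Pallas point encodings, decoding that `ephemeral_key` would recover the same `epk`. In `decrypt_using_ovk` I would also bind `ephemeral_key = bytes(self.epk)` on its own line and pass it to `prf_ock_orchard`, so the two decryption paths read the same and the comment sits next to the variable it names. The Sapling / ZIP 216 consensus statement is carried over from the comment as written and I have not verified it against the protocol spec; both functions continue outside the hunks.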
|
||||||
|
|